Hacking For Dummies. Kevin Beaver


professional:

       You’re familiar with basic computer, network, and information security concepts and terms.

       You have access to a computer and a network on which to use these techniques and tools.

       You have the go-ahead from your employer or your client to perform the hacking techniques described in this book.

      Throughout this book, you’ll see the following icons in the margins.

      

This icon points out information that’s worth committing to memory.

      

This icon points out information that could have a negative effect on your vulnerability and penetration testing efforts — so please read it!

      

This icon refers to advice that can highlight or clarify an important point.

      

This icon points out technical information that’s interesting but not vital to your understanding of the topic being discussed.

      First off, be sure to check out the Cheat Sheet associated with this book. You can access the Cheat Sheet by visiting dummies.com and searching for Hacking For Dummies. The Cheat Sheet is a great way to get you pointed in the right direction or get you back on track with your security testing program if needed.

      Also, be sure to check out my website www.principlelogic.com, especially the Resources page.

      The more you know about how external hackers and rogue insiders work and how your systems should be tested, the better you’re able to secure your computer and network systems. This book provides the foundation you need to develop and maintain a successful security assessment and vulnerability management program to minimize business risks.

      Depending on your computer and network configurations, you may be able to skip certain chapters. For example, if you aren’t running Linux or wireless networks, you can skip those chapters. Just be careful. You may think you’re not running certain systems, but they could very well be on your network, somewhere, waiting to be exploited.

      Keep in mind that the high-level concepts of security testing won’t change as often as the specific vulnerabilities you protect against. Vulnerability and penetration testing will always remain both an art and a science in a field that’s ever-changing. You must keep up with the latest hardware and software technologies, along with the various vulnerabilities that come about day after day and month after month. The good news is the vulnerabilities are often very predictable and, therefore, easy to discover and resolve.

      You won’t find a single best way to hack your systems, so tweak this information to your heart’s content. And happy hacking!

      Building the Foundation for Security Testing

      Discover the basics of vulnerability and penetration testing.

      Get a look inside a hacker’s head to understand why and how they do what they do.

      Develop a security testing plan.

      Understand the methodology for finding the most (and best) vulnerabilities.

      Introduction to Vulnerability and Penetration Testing

      IN THIS CHAPTER

      

Understanding hackers’ and malicious users’ objectives

      

Examining how the security testing process came about

      

Recognizing what endangers your computer systems

      

Starting to use the process for security testing

      This book is about testing your computers and networks for security vulnerabilities and plugging the holes you find before the bad guys get a chance to exploit them.

      Everyone has heard of hackers and malicious users. Many people have even suffered the consequences of their criminal actions. Who are these people, and why do you need to know about them? The next few sections give you the lowdown on these attackers.

In this book, I use the following terminology:

       Hackers (or external attackers) try to compromise computers, sensitive information, and even entire networks for ill-gotten gains — usually from the outside — as unauthorized users. Hackers go for almost any system they think they can compromise. Some prefer prestigious, well-protected systems, but hacking into anyone’s system increases an attacker’s status in hacker circles.

       Malicious users (external or internal attackers, often called black-hat hackers) try to compromise computers and sensitive information from the outside (such as customers or business partners) or the inside as authorized and trusted users. Malicious users go for systems that they believe they can compromise for ill-gotten gains or revenge, because they may have access or knowledge of a system that gives them a leg up.

      Malicious attackers are, generally speaking, both hackers and malicious users. For the sake of simplicity, I refer to both as hackers and specify hacker or malicious user only when I need to differentiate and drill down further into their unique tools, techniques, and ways of thinking.

       Ethical hackers (or good guys), often referred to as white-hat hackers or penetration testers, hack systems to discover vulnerabilities to protect against unauthorized access, abuse, and misuse. Information security researchers, consultants, and internal staff fall into this category.

      Hacker

      Hacker has two meanings:

       Traditionally,
